Last Updated: April 4, 2022
We appreciate you using Twilio Frontline. Entrusting us with your personal data is a serious responsibility, and we want you to know how we approach privacy and data protection. This Frontline Privacy Notice describes:
- The types of information Twilio may collect or that you may provide when you download, install, access, or use the Frontline App or the Frontline Services.
- How Twilio shares that information with others.
- Twilio’s practices for collecting, using, maintaining, protecting, and disclosing that information.
- Ways you can review and make changes to the information you’ve shared with us.
This Frontline Privacy Notice is an addendum to, supplements, and incorporates the terms of the Twilio Privacy Notice. If you need to know more information about Twilio’s data processing practices, please refer there. This Frontline Privacy Notice applies only to information Twilio collects in:
- The Frontline App;
- Conjunction with the use of the Frontline Services; and
- Email, text, and other electronic communications sent through or in connection with the Frontline App or Frontline Services.
This Frontline Privacy Notice does not apply to information that Twilio collects offline or via any other Services, apps, or websites, including websites you may access through the Frontline App; or information you provide to, or information collected by, any third party. Twilio’s website and apps, and these other third parties, have their own privacy policies, which we encourage you to read before providing information on or through them.
Unless specifically defined, terms used throughout this Frontline Privacy Notice have the same definitions as those given in the Twilio Terms of Service and the Twilio Privacy Notice, as applicable. However, for clarity, in this Frontline Privacy Notice, all references to “customer” will refer to the Twilio customer who has contracted with Twilio to use the Frontline Services, and all references to “you” and “Frontline user” will refer to that customer’s employees and contractors who that customer has authorized to access the Frontline App on its behalf. The intended audience of this Frontline Privacy Notice is Frontline users. Twilio customers who have signed up to use the Frontline Services and those customers’ end users who receive communications that may have been sent via the Frontline App should refer to the Twilio Privacy Notice.
We collect two broad categories of personal data while you’re using the Frontline Services:
- Your personal information as a customer (or potential customer) of Twilio’s services — information that we refer to as Customer Account Data, and
- The personal information of your Frontline Users and End Users (each, a “user”) who interact with and communicate with you while you’re using the Frontline Services — this category contains both your Customer Usage Data (e.g., communications metadata) and your Customer Content (e.g., the contents of communications).
You can always read more about how Twilio collects and processes personal information in the Twilio Privacy Notice, including our legal basis for processing, if you’re in the EEA. Specifically, we collect certain information from and about Twilio Frontline’s customers, as well as our customers’ users directly from users when they provide it to us, and automatically when a user uses the Frontline App or Frontline Services. Twilio uses this information to identify you as you use the Frontline Services, so we can provide the Frontline Services to you.
Depending on your interactions with us, we might collect the following categories of personal information, and for the following reasons:
- We collect Identifiers, like your name and contact information (Customer Account Data), when you sign up for or use the Frontline Services and to do things like allow you to use our products (including the Frontline App), verify your identity, and communicate with you. These include unique device identifiers as you use the Frontline App.
- We collect Commercial information when we keep track of the Frontline Services that you purchase from us and our communications history about the Frontline Services.
- We collect Financial information, such as your payment information, when you pay for the Frontline Services.
- We collect Internet and other electronic activity information, such as communications metadata, as you use the Frontline Services. This metadata may be information about how you interact with our websites and the information on them; what features you use on the Frontline Services; or it may be your Customer Usage Data as you send communications over the Frontline Services.
- We collect Geolocation information when you use the Frontline Services such as your IP address for analytics purposes.
- We collect Professional or employment information, such as your company or employer or your role at your company.
- If you use other Twilio services or products, we may collect additional information; please see the Twilio Privacy Notice to see how Twilio collects and uses personal data in general.
In addition, as a processor and a service provider, we process Customer Content — the content of communications — that may include personal information from any of those categories, plus others.
To use the Frontline App, your users must login using a third party account, i.e., your Single Sign-On provider. The authentication of your users login details is handled by that third party and we only collect the information your users expressly agree to share with us at the time they give permission to link their Frontline account with the third party account. We only gather the information you give us access to, and we only use it for the purposes for which you have provided it to us, as you have authorized in the Twilio Terms of Service, the Twilio Privacy Notice, the Twilio Frontline End User App Terms, and in this Frontline Privacy Notice, as applicable.
Twilio Frontline uses personal information, including Customer Usage Data, Customer Account Data, and Customer Content, as necessary to perform and provide the Frontline Services you request. This includes performing the necessary functions of our business as a service provider, as described in the Twilio Privacy Notice.
- We may use your Customer Account Data to manage your account; to carry out our core business functions such as billing and account maintenance; and to detect, prevent, or investigate security incidents, fraud and other abuse or misuse of the Frontline Services.
- We may use your Customer Usage Data to assist you with debugging or troubleshooting. We may also use it in connection with detecting, investigating, and preventing security incidents; detecting and preventing spam or fraudulent activity; and detecting and preventing network exploits and abuse. It may also be anonymized, as allowed by law, and we may use data that can no longer identify you or relate to you for our legitimate business needs.
- We only use your Customer Content as necessary to provide the Frontline Services (which may include investigating security incidents and preventing spam or fraudulent activity, and detecting and preventing network exploits and abuse); as necessary to comply with applicable law; and as you instruct. These instructions may take the form of commands sent via the Frontline App.
- We do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent; and we will not retain, use, or disclose your personal information for any commercial purpose; and we will not retain, use, or disclose your personal information outside of the scope of the Agreement we have with you. You can see our CCPA Notice for more information.
We do not disclose personal information outside Twilio Frontline, except as described in this section.
As mentioned above, we do not sell or allow your Customer Account Data to be used by third parties for their own marketing purposes, unless you ask us to do this or give us your consent to do this. Further, we do not sell your users’ personal information. We also do not share it with third parties for their own marketing or other purposes, unless you instruct us to do so.
There are a few scenarios in which Twilio Frontline may share personal information:
- We may share personal information with your consent, to perform services you have requested.
- We may share personal information to third-party service providers or consultants. Twilio engages certain third-party service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data. You may learn more by reading the Twilio Privacy Notice.
- We may share Customer Content with sub-processors who assist in providing the Twilio services, like our infrastructure provider, or as necessary to provide optional functionality like transcriptions. An up-to-date list of sub-processors for the Twilio Services is located here.
- We may share our customers’ personal information or your personal information within the Twilio group of companies, such as with a subsidiary of Twilio Inc. We and our subsidiaries will only use the information as described in this notice and in the Twilio Privacy Notice, as applicable.
- We may disclose our customers’ or your personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Twilio is required by law to disclose any personal information of our customers or any of their Frontline users, we will notify our customers of the disclosure requirement, unless prohibited by law. Further, we object to requests we do not believe were issued properly. You can read more in our Law Enforcement Guidelines.
- If Twilio goes through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we’ll let you know ahead of time, and any acquirer or successor of Twilio may continue to process data consistent with this notice.
- We might also share data with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you.
If you’re a Californian interested in what personal information Twilio has shared lately for our business purposes, here’s a list:
- Commercial information
- Financial information
- Internet or other electronic activity information
- Geolocation information
- Professional or employment information
By “our business purposes,” we mean that we only share personal information as we describe in the Twilio Privacy Notice (in other words, this may include telephony operators, communications providers, and so on).
When you use the Frontline App, personal information of our customers and their Frontline users processed by Twilio will be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate.
Twilio employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law, including Binding Corporate Rules and Standard Contractual Clauses.
Twilio has established and implemented a set of Binding Corporate Rules (“BCRs”) for internal transfers of personal information between Twilio group companies in the European Union and Twilio group companies elsewhere. Twilio’s BCRs have been approved by European Union Data Protection Authorities and are a commitment by Twilio to adequately protect personal information that Twilio processes regardless of where the information resides. You can access Twilio’s BCR controller and processor policies here.
Please see the Twilio Privacy Notice for information about our dispute resolution process.
Twilio Frontline takes appropriate technical and organizational measures to protect the security of your and your users’ personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place. No method of transmission, or method of electronic storage, is completely secure. While we strive to protect your and your users’ data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Twilio will store your Customer Account Data as long as needed to provide you with the Frontline Services and to operate our business. If you ask Twilio to delete specific personal information from your Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ in the Twilio Privacy Notice), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
You can make various choices about your Customer Account Data through the account portal, such as accessing it, correcting it, deleting it, or updating your choices about how it is used, when you log into your Twilio account or through the marketing preferences center. Any other requests about your data you cannot make through these self-service tools, you can request by emailing firstname.lastname@example.org or contacting Customer Support.
For instructions on how to request closure or deletion of your Twilio account, please see ‘How To Make Choices About Your Customer Account Data’ in the Twilio Privacy Notice.
You can choose not to receive promotional emails from Twilio by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting Customer Support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy notices, security alerts, and other notices relating to your access to or use of our products and services.
Details regarding how long your users’ personal information may be stored on Twilio systems and how to delete, access, or exercise other choices about users’ data will depend on which Twilio products and services you are using and how you are using them. For that reason, our API docs for each of our products and services are the best place to find more detailed information about managing users’ data collected and stored in connection with your use of the Frontline Services.
As a Twilio customer, if the Twilio product or service you use enables you to store records of your usage on Twilio, including personal information contained within those records, and you choose to do so, then Twilio will retain these records for as long you instruct. In some cases, use of extended storage may cost more. If you later instruct us to delete those records, we will do so. Please note that it may take up to 30 days for the data to be completely removed from all systems. In some cases, a copy of those records, including the personal information contained in them, may nonetheless be retained to carry out necessary functions like billing, invoice reconciliation, troubleshooting, and detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized, if the law allows.
For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
- that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
- that we provide you access to the personal information we collect about you; and
- that we delete the personal information we have about you.
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. For more information on California consumer access and deletion rights, please see ‘California Consumer Access and Deletion Rights’ in the Twilio Privacy Notice.
Twilio will store our customers’ Customer Account Data as long as needed to provide our customers with the Frontline Services and to operate our business. If our customer asks Twilio to delete specific personal information from their Customer Account Data (see ‘How To Make Choices About Your Customer Account Data’ in the Twilio Privacy Notice), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, like billing for our services, calculating taxes, or conducting required audits.
Our customers can make various choices about your Customer Account Data through their account portal, such as accessing it, correcting it, deleting it, or updating their choices about how it is used, when they log into their Twilio account or through the marketing preferences center. Any other requests about their data that customers cannot make through these self-service tools, they can request by emailing email@example.com or contacting Customer Support. Frontline users need to contact the employer or other entity that has authorized their access to the Frontline App on its behalf to make a request for us to update or erase any information about them or to stop using any information about them.
We may change this Frontline Privacy Notice from time to time, and if we do, the most current version will be available at https://www.twilio.com/legal/privacy/frontline with the date indicating when it was last updated. These changes might be minor, such as updating an address or fixing a typo, or they might be material, such as making a change that affects your rights. If we make changes that affect your rights, we will provide advance notice to you, such as by posting a message in the Twilio console, or we’ll send an email via the address we have on file for you. We will comply with applicable law with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.
If you need help with Twilio Frontline, please contact Frontline Support at firstname.lastname@example.org. Questions regarding this Frontline Privacy Notice, the Twilio Privacy Notice, or Twilio’s information practices should be directed to email@example.com. For information about Twilio’s DPO or mailing addresses, please see the Twilio Privacy Notice.